7921 matches found
Malicious code in rosolver (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0904af239ce7e030d9cde78de066412fb3942a4b12ea8be5c5d45681417230fc During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in pycolorlib001 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d13044c47d5f0b928df9bb3c300bbb520cef7df9cc929b859e7f2edd67d8221f During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
Malicious code in robase-library-quick-install (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3655afd9220b8d5df96a51d63e383fd4face5be5f31a2da02bcaf379d6625c6b During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
MAL-2026-3041 Malicious code in robase-library-quick-install (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3655afd9220b8d5df96a51d63e383fd4face5be5f31a2da02bcaf379d6625c6b During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
PT-2026-35136
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the RxRPC component where RESPONSE packets were not strictly limited to the service challenge phase. This allowed duplicate or late RESPONSE packets to re-run the setu...
kernel: Linux kernel: Local denial of service and memory leak in DAMON sysfs via setup failure
A flaw was found in the Linux kernel's Data Access MONitor DAMON sysfs interface. A local attacker, typically a privileged user, could exploit a cleanup bug during DAMON context setup. If the setup fails after the attrs directory is created, stale sysfs directories are left behind. This can lead ...
CVE-2026-41459
Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthenticated attackers to retrieve the full server-side filesystem path of the application root. Attackers can send a GET request to the /setup page to access the exposed rootpath value...
SUSE CVE-2026-31456
In the Linux kernel, the following vulnerability has been resolved: mm/pagewalk: fix race between concurrent split and refault The splitting of a PUD entry in walkpudrange can race with a concurrent thread refaulting the PUD leaf entry causing it to try walking a PMD range that has disappeared. A...
Rocket.Chat SQL注入漏洞
Rocket.Chat is a chat software developed by the Rocket.Chat company. Versions prior to 8.3.0, 8.2.1, 8.1.2, 8.0.3, 7.13.5, 7.12.6, 7.11.6, and 7.10.9 have a SQL injection vulnerability. This vulnerability stems from NoSQL injection and could lead to the takeover of the first user account with a...
EUVD-2026-25073
Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthenticated attackers to retrieve the full server-side filesystem path of the application root. Attackers can send a GET request to the /setup page to access the exposed rootpath value...
CVE-2026-41459
Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthenticated attackers to retrieve the full server-side filesystem path of the application root. Attackers can send a GET request to the /setup page to access the exposed rootpath value...
CVE-2026-41459
Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthenticated attackers to retrieve the full server-side filesystem path of the application root. Attackers can send a GET request to the /setup page to access the exposed rootpath value...
CVE-2026-41459 Xerte Online Toolkits Path Disclosure via /setup
Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthenticated attackers to retrieve the full server-side filesystem path of the application root. Attackers can send a GET request to the /setup page to access the exposed rootpath value...
CVE-2026-41459 Xerte Online Toolkits Path Disclosure via /setup
Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthenticated attackers to retrieve the full server-side filesystem path of the application root. Attackers can send a GET request to the /setup page to access the exposed rootpath value...
CVE-2026-41459
CVE-2026-41459 (Xerte Online Toolkits) affects versions 3.15 and earlier. An information disclosure vulnerability allows unauthenticated attackers to retrieve the full server-side filesystem path of the application root by requesting the /setup page, where the exposed root_path value is rendered ...
EUVD-2026-24795
In the Linux kernel, the following vulnerability has been resolved: mm/pagewalk: fix race between concurrent split and refault The splitting of a PUD entry in walkpudrange can race with a concurrent thread refaulting the PUD leaf entry causing it to try walking a PMD range that has disappeared. A...
CVE-2026-31460
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: check if extcaps is valid in BL setup LVDS connectors don't have extended backlight caps so check if the pointer is valid before accessing it. cherry picked from commit 3f797396d7f4eb9bb6eded184bbc6f033628a6f6...
CVE-2026-31456
In the Linux kernel, the following vulnerability has been resolved: mm/pagewalk: fix race between concurrent split and refault The splitting of a PUD entry in walkpudrange can race with a concurrent thread refaulting the PUD leaf entry causing it to try walking a PMD range that has disappeared. A...
CVE-2026-31471 xfrm: iptfs: only publish mode_data after clone setup
In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: only publish modedata after clone setup iptfsclonestate stores x-modedata before allocating the reorder window. If that allocation fails, the code frees the cloned state and returns -ENOMEM, leaving x-modedata pointi...
CVE-2026-31460
In the Linux kernel, the drm/amd/display path was fixed to validate the ext_caps pointer before using it in BL setup, specifically for LVDS connectors that do not have extended backlight caps. The root cause was dereferencing an invalid ext_caps pointer, which could crash the system. The fix (che...